Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
Full Stack Fest – Sep 6, 2019
Daniel Stenberg
@bagder
Daniel Stenberg
@bagder
Daniel Stenberg
@bagder
HTTP 1 to 2 to 3HTTP 1 to 2 to 3
ProblemsProblems
Why QUIC and how it worksWhy QUIC and how it works
HTTP/3HTTP/3
Challeng...
Let the fun begin!
specifications haven’t shipped yetspecifications haven’t shipped yet
This presentation is public. Photo...
HTTP/1
HTTP/2
HTTP/3
@bagder@bagder
Under the hood
GET / HTTP/1.1
Host: www.example.com
Accept: */*
User-Agent: HTTP-eats-the-world/2019
HTTP/1.1 200 OK
Date:...
HTTP started done over TCP
@bagder@bagder
TCPTCP
TCP/IP works over IP
Establishes a “connection”
3-way handshake
Resends lost packages
Delivers a byte stream
Clear ...
HTTPS means TCP + TLS + HTTP
@bagder@bagder
@bagder@bagder
@bagder@bagder
TLSTLS
TLS is done over TCP for HTTP/1 or 2
Transport Layer Security
Additional handshake
Privacy and security
@bagder@bag...
Classic HTTP Network Stack
IP
TCP
TLS 1.2+
HTTP
@bagder@bagder
HTTP over TCP
@bagder@bagder
HTTP/1.1HTTP/1.1
Shipped January 1997
Many parallel TCP connections
Better but ineffective TCP use
HTTP head-of-line-block...
HTTP/2HTTP/2
Shipped May 2015
Uses single connection per host
Many parallel streams
TCP head-of-line-blocking
@bagder@bagd...
OssificationOssification
Internet is full of boxes
Routers, gateways, firewalls, load balancers,
NATs...
Boxes run softwar...
Internet
WWW
@bagder@bagder
Ossification casualties
HTTP/2 in clear textHTTP/2 in clear text
TCP improvements like TFOTCP improvements like TFO
TCP/UD...
Improvement in spite of ossification
@bagder@bagder
@bagder@bagder
@bagder@bagder
A new transport protocol
@bagder@bagder
Built on experiences by Google QUIC
Google deployed “http2 frames over UDP”-QUIC in 2013Google deployed “http2 frames over...
Improvements
TCP head of line blockingTCP head of line blocking
Faster handshakesFaster handshakes
Earlier dataEarlier dat...
Build on top of UDP
TCP and UDP remain “the ones”TCP and UDP remain “the ones”
Use UDP instead of IPUse UDP instead of IP
...
UDP isn’t reliable, QUIC is
UDP
Connectionless
No resends
No flow control
QUIC
Uses UDP like TCP uses IP
Adds connections,...
Streams!
QUIC provides streamsQUIC provides streams
Many logical flows within a single connectionMany logical flows within...
Independent streams
TCPTCP
QUICQUIC
@bagder@bagder
Application protocols over QUICApplication protocols over QUIC
Streams for free
Could be “any protocol”
HTTP worked on as ...
HTTP/3 = HTTP over QUIC
@bagder@bagder
HTTP – same but different
RequestRequest
- method + path- method + path
- headers- headers
- body- body
ResponseResponse
-...
HTTP – same but different
HTTP/1 – in ASCII over TCP
HTTP/2 – binary multiplexed over TCP
HTTP/3 – binary over multiplexed...
Stacks: old vs new
TCP
TLS 1.2+
HTTP/2
UDP
HTTP/3
QUIC
TLS 1.3
IP
HTTP/1
@bagder@bagder
streams
Feature comparison
@bagder@bagder
HTTP/2 HTTP/3
Transport TCP QUIC
Streams HTTP/2 QUIC
Clear-text version Yes No
Independe...
HTTP/3 is fasterHTTP/3 is faster
Faster handshakes
Early data that works
The independent streams
By how much remains to be...
HTTPS is TCP?
HTTPS:// URLs are everywhereHTTPS:// URLs are everywhere
TCP (and TLS) on TCP port 443TCP (and TLS) on TCP p...
This service - over there!
The Alt-Svc: response header
Another host, protocol or port number is the
same “origin”
This si...
Will HTTP/3 deliver?
@bagder@bagder
Eight HTTP/3 challenges
3-7% of QUIC attempts fail
Clients need fall back algorithms
1 2 3 4 5 6 7 8
@bagder@bagder
Eight HTTP/3 challenges
CPU intensive
Unoptimized UDP stacks
1 2 3 4 5 6 7 8
@bagder@bagder
Eight HTTP/3 challenges
“Funny” TLS layer
1 2 3 4 5 6 7 8
@bagder@bagder
Eight HTTP/3 challenges
All QUIC stacks are user-land
No standard QUIC API
1 2 3 4 5 6 7 8
@bagder@bagder
Eight HTTP/3 challenges
Lack of tooling
1 2 3 4 5 6 7 8
@bagder@bagder
Ship date
@bagder@bagder
Implementations
Over a dozen QUIC implementations, almost as many
HTTP/3 implementations
Google, Mozilla, Apple, Facebook,...
HTTP/3 in curl
ExperimentalExperimental h3-22 has landed
Alt-svcAlt-svc support is there
Based on ngtcp2ngtcp2 and quicheq...
HTTP/3 will take timeHTTP/3 will take time
HTTP/3 will grow slowerHTTP/3 will grow slower
Some will stick to HTTP/2Some wi...
FutureFuture
MultipathMultipath
Forward error correctionForward error correction
Unreliable streamsUnreliable streams
More...
Take-aways
HTTP/3 is coming soonHTTP/3 is coming soon
HTTP/3 is always encryptedHTTP/3 is always encrypted
Similar to HTTP...
HTTP/3 Explained
https://daniel.haxx.se/http3-explained
@bagder@bagder
Daniel Stenberg
@bagder
https://daniel.haxx.se/
Thank you!Thank you!
Questions?Questions?
@bagder@bagder
Credits
QUIC drafts: https://quicwg.github.io/
Images: https://pixabay.com/
This presentation is provided under the Creati...
Upcoming SlideShare
Loading in …5
×

Http3 fullstackfest-2019

473 views

Published on

HTTP/3 is the designated name for the coming next version of the protocol that is currently under development within the QUIC working group in the IETF.

This time TCP is replaced by the new transport protocol QUIC and things are different yet again!

HTTP/3 is designed to improve in areas where HTTP/2 still has some shortcomings, primarily by changing the transport layer. HTTP/3 is the first major protocol to step away from TCP and instead it uses QUIC. Daniel Stenberg does a presentation about HTTP/3 and QUIC. Why the new protocols are deemed necessary, how they work, how they change how things are sent over the network and what some of the coming deployment challenges will be.

Published in: Technology
  • Be the first to comment

  • Be the first to like this

Http3 fullstackfest-2019

  1. 1. Full Stack Fest – Sep 6, 2019
  2. 2. Daniel Stenberg @bagder
  3. 3. Daniel Stenberg @bagder
  4. 4. Daniel Stenberg @bagder
  5. 5. HTTP 1 to 2 to 3HTTP 1 to 2 to 3 ProblemsProblems Why QUIC and how it worksWhy QUIC and how it works HTTP/3HTTP/3 ChallengesChallenges Coming soon!Coming soon! @bagder@bagder
  6. 6. Let the fun begin! specifications haven’t shipped yetspecifications haven’t shipped yet This presentation is public. Photos andThis presentation is public. Photos and sharing are fine!sharing are fine! Questions at the end!Questions at the end! @bagder@bagder
  7. 7. HTTP/1 HTTP/2 HTTP/3 @bagder@bagder
  8. 8. Under the hood GET / HTTP/1.1 Host: www.example.com Accept: */* User-Agent: HTTP-eats-the-world/2019 HTTP/1.1 200 OK Date: Thu, 09 Nov 2018 14:49:00 GMT Server: my-favorite v3 Last-Modified: Tue, 13 Jun 2000 12:10:00 GMT Content-Length: 12345 Set-Cookie: this-is-simple=yeah-really; Content-Type: text/html [content] @bagder@bagder
  9. 9. HTTP started done over TCP @bagder@bagder
  10. 10. TCPTCP TCP/IP works over IP Establishes a “connection” 3-way handshake Resends lost packages Delivers a byte stream Clear text @bagder@bagder
  11. 11. HTTPS means TCP + TLS + HTTP @bagder@bagder
  12. 12. @bagder@bagder
  13. 13. @bagder@bagder
  14. 14. TLSTLS TLS is done over TCP for HTTP/1 or 2 Transport Layer Security Additional handshake Privacy and security @bagder@bagder
  15. 15. Classic HTTP Network Stack IP TCP TLS 1.2+ HTTP @bagder@bagder
  16. 16. HTTP over TCP @bagder@bagder
  17. 17. HTTP/1.1HTTP/1.1 Shipped January 1997 Many parallel TCP connections Better but ineffective TCP use HTTP head-of-line-blocking Numerous work-arounds @bagder@bagder
  18. 18. HTTP/2HTTP/2 Shipped May 2015 Uses single connection per host Many parallel streams TCP head-of-line-blocking @bagder@bagder
  19. 19. OssificationOssification Internet is full of boxes Routers, gateways, firewalls, load balancers, NATs... Boxes run software to handle network data Middle-boxes work on existing protocols Upgrade much slower than edges @bagder@bagder
  20. 20. Internet WWW @bagder@bagder
  21. 21. Ossification casualties HTTP/2 in clear textHTTP/2 in clear text TCP improvements like TFOTCP improvements like TFO TCP/UDP replacementsTCP/UDP replacements HTTP brotliHTTP brotli Future innovationsFuture innovations …… unless encryptedunless encrypted @bagder@bagder
  22. 22. Improvement in spite of ossification @bagder@bagder
  23. 23. @bagder@bagder
  24. 24. @bagder@bagder
  25. 25. A new transport protocol @bagder@bagder
  26. 26. Built on experiences by Google QUIC Google deployed “http2 frames over UDP”-QUIC in 2013Google deployed “http2 frames over UDP”-QUIC in 2013 Widely used clientWidely used client Widely used web servicesWidely used web services Proven to work at web scaleProven to work at web scale Taken to the IETF in 2015Taken to the IETF in 2015 QUIC working group started 2016QUIC working group started 2016 IETF QUIC is now very different than Google QUIC wasIETF QUIC is now very different than Google QUIC was @bagder@bagder
  27. 27. Improvements TCP head of line blockingTCP head of line blocking Faster handshakesFaster handshakes Earlier dataEarlier data Connection-IDConnection-ID More encryption, alwaysMore encryption, always Future developmentFuture development @bagder@bagder
  28. 28. Build on top of UDP TCP and UDP remain “the ones”TCP and UDP remain “the ones” Use UDP instead of IPUse UDP instead of IP Reliable transport protocol - inReliable transport protocol - in user-spaceuser-space A little like TCP + TLSA little like TCP + TLS @bagder@bagder
  29. 29. UDP isn’t reliable, QUIC is UDP Connectionless No resends No flow control QUIC Uses UDP like TCP uses IP Adds connections, resends and flow control on top @bagder@bagder
  30. 30. Streams! QUIC provides streamsQUIC provides streams Many logical flows within a single connectionMany logical flows within a single connection Similar to HTTP/2 but in the transport layerSimilar to HTTP/2 but in the transport layer IndependentIndependent streamsstreams @bagder@bagder
  31. 31. Independent streams TCPTCP QUICQUIC @bagder@bagder
  32. 32. Application protocols over QUICApplication protocols over QUIC Streams for free Could be “any protocol” HTTP worked on as the first Others are planned to follow @bagder@bagder
  33. 33. HTTP/3 = HTTP over QUIC @bagder@bagder
  34. 34. HTTP – same but different RequestRequest - method + path- method + path - headers- headers - body- body ResponseResponse - response code- response code - headers- headers - body- body @bagder@bagder
  35. 35. HTTP – same but different HTTP/1 – in ASCII over TCP HTTP/2 – binary multiplexed over TCP HTTP/3 – binary over multiplexed QUIC @bagder@bagder
  36. 36. Stacks: old vs new TCP TLS 1.2+ HTTP/2 UDP HTTP/3 QUIC TLS 1.3 IP HTTP/1 @bagder@bagder streams
  37. 37. Feature comparison @bagder@bagder HTTP/2 HTTP/3 Transport TCP QUIC Streams HTTP/2 QUIC Clear-text version Yes No Independent streams No Yes Header compression HPACK QPACK Server push Yes Yes Early data In theory Yes 0-RTT Handshake No Yes
  38. 38. HTTP/3 is fasterHTTP/3 is faster Faster handshakes Early data that works The independent streams By how much remains to be measured! @bagder@bagder
  39. 39. HTTPS is TCP? HTTPS:// URLs are everywhereHTTPS:// URLs are everywhere TCP (and TLS) on TCP port 443TCP (and TLS) on TCP port 443 @bagder@bagder
  40. 40. This service - over there! The Alt-Svc: response header Another host, protocol or port number is the same “origin” This site also runs on HTTP/3 “over there”, for the next NNNN seconds @bagder@bagder
  41. 41. Will HTTP/3 deliver? @bagder@bagder
  42. 42. Eight HTTP/3 challenges 3-7% of QUIC attempts fail Clients need fall back algorithms 1 2 3 4 5 6 7 8 @bagder@bagder
  43. 43. Eight HTTP/3 challenges CPU intensive Unoptimized UDP stacks 1 2 3 4 5 6 7 8 @bagder@bagder
  44. 44. Eight HTTP/3 challenges “Funny” TLS layer 1 2 3 4 5 6 7 8 @bagder@bagder
  45. 45. Eight HTTP/3 challenges All QUIC stacks are user-land No standard QUIC API 1 2 3 4 5 6 7 8 @bagder@bagder
  46. 46. Eight HTTP/3 challenges Lack of tooling 1 2 3 4 5 6 7 8 @bagder@bagder
  47. 47. Ship date @bagder@bagder
  48. 48. Implementations Over a dozen QUIC implementations, almost as many HTTP/3 implementations Google, Mozilla, Apple, Facebook, Microsoft, Akamai, Fastly, Cloudflare, F5, LiteSpeed, and more No browser ships HTTP/3 yet. Chrome or Safari first? Neither do Apache, nginx or IIS. Caddy! curl! @bagder@bagder
  49. 49. HTTP/3 in curl ExperimentalExperimental h3-22 has landed Alt-svcAlt-svc support is there Based on ngtcp2ngtcp2 and quichequiche FallbackFallback is tricky Try it! Try it! @bagder@bagder
  50. 50. HTTP/3 will take timeHTTP/3 will take time HTTP/3 will grow slowerHTTP/3 will grow slower Some will stick to HTTP/2Some will stick to HTTP/2 QUIC is for the long termQUIC is for the long term @bagder@bagder
  51. 51. FutureFuture MultipathMultipath Forward error correctionForward error correction Unreliable streamsUnreliable streams More application protocolsMore application protocols @bagder@bagder
  52. 52. Take-aways HTTP/3 is coming soonHTTP/3 is coming soon HTTP/3 is always encryptedHTTP/3 is always encrypted Similar to HTTP/2 but over QUICSimilar to HTTP/2 but over QUIC QUIC is transport over UDPQUIC is transport over UDP Challenges to overcomeChallenges to overcome Early 2020?Early 2020? @bagder@bagder
  53. 53. HTTP/3 Explained https://daniel.haxx.se/http3-explained @bagder@bagder
  54. 54. Daniel Stenberg @bagder https://daniel.haxx.se/ Thank you!Thank you! Questions?Questions? @bagder@bagder
  55. 55. Credits QUIC drafts: https://quicwg.github.io/ Images: https://pixabay.com/ This presentation is provided under the Creative Commons Attribution 4.0 International Public License @bagder@bagder

×